lockout account in vSphere 4.1

emeirell21 · ‎11-24-2010

Hello there,

Did anyone be able to implement a lockout policy in vsphere 4.1 ?

It used to be an easy task in 3.5 (esxcfg-auth --maxfailedlogins=3), where an account who tried 3 times to login with a bad password would be blocked.

Now this command is not supported in vsphere 4.1 anymore.

I also checked /etc/pam.d/system-auth and there's no line for pam_tally

at 3.5 it was there like:

account required /lib/security/pam_tally.so deny=5 reset no_magic_root

any help would me much appreciated.

thanks

Eduardo Meirelles

gaspipe · ‎11-25-2010

Looks like the same topic is discussed in http://communities.vmware.com/thread/258163

Texiwill · ‎12-03-2010

Hello,

gaspipe has the correct reference. Pam_tally is now the way to go.

Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

All

lockout account in vSphere 4.1